I'm one of the contributors to VizAlerts and I'm not a risk manager, here are some quick thoughts:

- VizAlerts uses Python and some Python modules, some people don't like that at all. VizAlerts and the necessary modules are all open source so you can validate the code yourself if you want.

- VizAlerts does not have to run on the Tableau Server, it can run on another box if you want.

- You can be very fine-grained with the permissions of who can configure and run alerts (based on file permissions, publishing permissions, and configuring the SQL query that VizAlerts issues to identify what alerts to run) so if you want to lock alerts down to sending to few users you're ok.

- One challenge is that currently in Tableau (as of v10.0) Subscriptions do not have permissions on them. So it's possible for users to see and choose Subscriptions that are not appropriate for them (or Subscriptions that you have disabled via other means). It's something that that's come up with Subscriptions in general and we've let Tableau know about it.

- Another potential issue is that for Advanced Alerts (the more common type of alert) the user who publishes the alert must have permissions on all the views that will be delivered for that alert. I've heard of organizations where that is an issue because the admins who are setting up the advanced alerts purposely don't have permission on all the Tableau views.

- VizAlerts uses a domain whitelist for sending emails (so you can have only emails in your domain) but not a recipient@domain whitelist.

- Tableau Server is rendering the views that are delivered by VizAlerts, so you need to have the appropriate hardware resources for the extra load added by VizAlerts.